shibboleth-dev - SSL problem......
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: SSL problem......
- Date: Tue, 13 Jul 2004 14:54:16 -0400
I'm bringing up a new Solaris machine; it has both a Shib origin + target.... I'm currently having an SSL problem when the SHAR contacts the AA......
I've configured the origin (origin.xml), apache 1.3 + mod_ssl (via httpd.conf), and the shar (via shibboleth.xml) to all use the same key + cert.... all stored in flat file PEM format. And I have mod_ssl using the ca-bundle file I downloaded from IQ. My cert is signed by bossie.
the shar log says this:
2004-07-13 13:58:06 ERROR SAML.SAMLSOAPBinding [8] session_is_valid preFetch populate getNewResponse send send: failed while contacting SAML responder: SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR Shibboleth.ShibBinding [8] session_is_valid preFetch populate getNewResponse send: caught SAML exception during SAML attribute query: SAMLSOAPBinding::send() failed while contacting SAML responder: SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate getNewResponse: caught SAML exception during query to AA: ShibBinding::send() unable to successfully complete attribute query
and the ssl_engine log says this:
[13/Jul/2004 11:01:18 06387] [error] Re-negotiation handshake failed: Not accepted by client!?
[13/Jul/2004 11:01:18 06387] [error] SSL error on writing data (OpenSSL library error follows)
[13/Jul/2004 11:01:18 06387] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
suggestions?
- SSL problem......, Steven_Carmody, 07/13/2004
- RE: SSL problem......, Scott Cantor, 07/13/2004
- RE: SSL problem......, Steven_Carmody, 07/13/2004
- RE: SSL problem......, Scott Cantor, 07/13/2004
- RE: SSL problem......, Steven_Carmody, 07/13/2004
- Re: SSL problem......, Elliot Metsger, 07/13/2004
- RE: SSL problem......, Scott Cantor, 07/13/2004
- RE: SSL problem......, Scott Cantor, 07/13/2004
Archive powered by MHonArc 2.6.16.